
Mobile Forensic Investigation Protocol

What are the protocols we have to follow in the process of mobile forensic investigation?

Uploaded by

SOURAJIT MAITY

Mobile Forensic Investigation Protocol

(An Overview of Methods and Procedures)

Presented by,
Name: Sourajit Maity
Reg. No.: 233001810105
Paper code: MSFS303C
Batch: MSFS2023-25, DFST
Introduction to Mobile Forensics
Mobile forensics is the science of recovering, analyzing, and preserving digital evidence from mobile devices.
Scope
• Smart phones, tablets, wearable devices.
• Call logs, SMS, emails, images, location data, apps, etc.
Purpose
• Investigating crimes involving mobile devices.
• Recovering critical digital evidence.
Importance of Mobile Forensics
• Criminal Investigations: Essential for uncovering evidence in cases like cybercrimes, fraud, and theft.
• Rich Source of Evidence: Mobile devices store diverse data, including texts, emails, location information, call logs, and multimedia files.
• Immediate Evidence: Mobile forensics can provide real-time access to evidence that can be critical in fast-moving investigations.
• Geolocation Tracking: Helps track suspects and victims, providing crucial contextual information.
• It helps identify perpetrators, track their activities, and gather evidence for legal actions.
Mobile Forensic Investigation Workflow

Phase 1: Pre Investigation
• Preparation
Phase 2: Investigation
• Seizure and Isolation
• Preservation of Evidence
• Acquisition of Data
• Analysis of Data
Phase 3: Post Investigation
• Reporting
Phase 1, Pre Investigation
• Identify Investigation Requirements.
• Develop an Investigation Plan.
• Prepare Necessary Tools and Equipment.
• Establish a Forensically Sound Environment.
Seizure of Device
Key Considerations
• Ensure device is handled without altering data.
• Isolate the device from networks (use Faraday bags).
On-Site Procedures
• Document device condition (photos, logs).
• Collect passwords, charging cables, and SIM details.
Preservation of Evidence
Prevent data alteration
• Use airplane mode or isolation techniques.
• Power off the device (only if required).
• Take precautions to maintain chain of custody.
• Tools: Faraday bags, shielded boxes.
Data Acquisition
Types of Acquisition
• Logical Acquisition: Accesses visible data (e.g., contacts, messages).
• Physical Acquisition: Creates bit-by-bit copy of the entire memory.
• File System Acquisition: Retrieves directory structure and files.
Tools Used
• UFED (Cellebrite), Oxygen Forensics, MOBILedit, etc.
Analysis of Data
What to Analyze?
• Call logs, SMS, MMS.
• Multimedia (photos, videos).
• GPS and location data.
• App data (WhatsApp, Telegram, etc.)
Tools for Analysis
• Autopsy, XRY, MOBILedit Forensics, FTK Imager.
Correlating Evidence
• Linking timestamps, communication patterns, and locations.
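The correlation step above, as an added example that is not part of the original slides: it merges call and SMS records into one UTC-ordered timeline, attaches the nearest location fix within a time window, and counts events per contact. All records, field layouts and the 5-minute window are constructed assumptions, not output from any of the tools listed.

```python
from bisect import bisect_left
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample records, not from a real device: (timestamp, direction, number)
CALLS = [("2024-03-01T10:02:10+00:00", "outgoing", "+15550100")]
SMS = [("2024-03-01T15:35:00+05:30", "received", "+15550100"),  # 10:05:00 UTC
       ("2024-03-01T12:40:00+00:00", "sent", "+15550199")]
# Constructed location fixes: (timestamp, latitude, longitude)
GPS = [("2024-03-01T10:00:00+00:00", 22.5726, 88.3639),
       ("2024-03-01T10:04:30+00:00", 22.5800, 88.3700)]


def to_utc(text):
    """Parse an ISO-8601 timestamp with offset and normalize it to UTC."""
    return datetime.fromisoformat(text).astimezone(timezone.utc)


def nearest_fix(fixes, when, window):
    """Return the fix closest in time to `when`, or None if none lies within `window`."""
    i = bisect_left([f[0] for f in fixes], when)
    candidates = fixes[max(i - 1, 0):i + 1]  # the fix before and the fix at/after
    best = min(candidates, key=lambda f: abs(f[0] - when), default=None)
    return best if best and abs(best[0] - when) <= window else None


def build_timeline(calls, sms, gps, window=timedelta(minutes=5)):
    """Merge calls and SMS into one UTC-ordered timeline with the nearest location."""
    fixes = sorted((to_utc(t), lat, lon) for t, lat, lon in gps)
    events = [(to_utc(t), "call", d, n) for t, d, n in calls]
    events += [(to_utc(t), "sms", d, n) for t, d, n in sms]
    timeline = []
    for when, kind, direction, number in sorted(events):
        fix = nearest_fix(fixes, when, window)
        timeline.append({"utc": when.isoformat(), "type": kind,
                         "direction": direction, "number": number,
                         "location": (fix[1], fix[2]) if fix else None})
    return timeline


def contact_counts(timeline):
    """Communication pattern: number of events per remote number."""
    return Counter(e["number"] for e in timeline)


if __name__ == "__main__":
    for event in build_timeline(CALLS, SMS, GPS):
        print(event)
```

Normalizing every artifact to UTC before sorting matters because call logs, messages and location data are often stored with different offsets; an event with no fix inside the window is reported with no location rather than a misleading one.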
Reporting and Documentation
Creating Reports
• Include all findings and analysis.
• Use screenshots, evidence trails, and extracted data.
Documentation
• Chain of custody records
• Tools and techniques used
• Findings presented clearly and concisely
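One way to make the chain of custody records from the preservation and documentation slides tamper-evident, as an added example that is not part of the original slides: each entry stores the SHA-256 of the acquired image and the hash of the previous entry. The field names, actors and the in-memory byte string standing in for an image file are assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the first entry


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def add_entry(log, actor, action, image_bytes, when):
    """Append a custody entry that records the image hash and links to the previous entry."""
    body = {"when": when, "actor": actor, "action": action,
            "image_sha256": sha256_hex(image_bytes),
            "prev_hash": log[-1]["entry_hash"] if log else GENESIS}
    # Hash the entry body (without entry_hash) in a canonical key order.
    body["entry_hash"] = sha256_hex(json.dumps(body, sort_keys=True).encode())
    log.append(body)
    return body


def verify_log(log, image_bytes):
    """Return a list of problems; an empty list means log and image are consistent."""
    problems = []
    prev = GENESIS
    current = sha256_hex(image_bytes)
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry["prev_hash"] != prev:
            problems.append(f"entry {i}: broken link")
        if sha256_hex(json.dumps(body, sort_keys=True).encode()) != entry["entry_hash"]:
            problems.append(f"entry {i}: record altered")
        if entry["image_sha256"] != current:
            problems.append(f"entry {i}: image hash mismatch")
        prev = entry["entry_hash"]
    return problems


if __name__ == "__main__":
    image = b"constructed stand-in for an acquired image"  # constructed sample
    log = []
    add_entry(log, "Examiner A", "acquired", image, "2024-03-01T10:30:00Z")
    add_entry(log, "Examiner B", "received for analysis", image, "2024-03-02T09:00:00Z")
    print(verify_log(log, image))  # consistent log and image
```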
Tools Used in Mobile Forensics
Software Tools
• EnCase Mobile Investigator
• FTK (Forensic Toolkit) Mobile
• XRY (Xact eDiscovery and Recovery) Mobile
• UFED (Universal Forensic Extraction Device) Mobile
• Oxygen Forensic Detective
• Magnet AXIOM
• MOBILedit
Cloud Forensics Tools
• Oxygen Forensic Cloud Extractor
• Cellebrite Cloud Analyzer
Open-Source Tools
• Android Debug Bridge (ADB)
• Mobile Internal Acquisition Tool (MIAT)
• Autopsy
Challenges in Mobile Forensics
• Device encryption and passcodes.
• Rapid evolution of mobile operating systems.
• Data volatility and risk of contamination.
• Use of anti-forensics tools.
• Legal and privacy concerns.
Conclusion and Forensic Significance
• Mobile devices can provide critical evidence in
a wide range of crimes, including homicides,
thefts, and cybercrimes.
• Mobile forensics can help investigators track
and locate suspects, identify associates and
accomplices, and disrupt criminal networks.
• Mobile forensics can also be used to
investigate corporate espionage, intellectual
property theft, and other civil matters.
Acknowledgement
I would like to extend my heartfelt gratitude to
Assistant Professor Ashmita Paul for her
invaluable guidance, support, and
encouragement throughout this presentation.
Her expertise and insights have been
instrumental in shaping my work, and her
constant motivation has been a source of
inspiration. Thank you for your unwavering
dedication and for being a mentor I can look up
to.